I was in a meeting with an executive at a large financial services company today discussing some of his technology problems and how my portfolio companies could address them. One of the big issues he mentioned was spam and stopping worms. Even though his company has spent real dollars in those areas, they are still problems which need to be solved. As Sasser and other worms and blended threats spread rapidly around the Internet, it got me thinking about what needs to be done to make us more secure. Techdirt has a great piece about taking a hyrbid strategy to stopping these threats, an approach I agree with wholeheartedly. I have always been a fan of a defense in depth strategy where you have security devices at the network level and down to the desktop. Have you seen Cisco's recent advertising campaign about self-defending networks? While it is a broad-based strategy which you can read more about on their site, one aspect I like about the NAC initiative is that it does not allow anyone to access a network wirelessly or wired before a scan is done to make sure the device is virus and worm free and up-to-date with its patches and antivirus software. They currently have an enterprise focus, but the logic behind the initiative makes a ton of sense. Recently, Earthlink launched a deal with Symantec where consumers could get antivirus and firewall software from Symantec on their monthly bill. While I like the direction Earthlink is taking, I think all ISPs should take this a step further and replicate the Cisco NAC initiative where no user can log on to a network until their system is scanned and updated with the latest patch and antivirus software. Charge consumers an extra $1 a month but make it a prerequisite to get on the Internet. On top of that ISPs are and should continue to apply a number of different security devices on the edge of the network to prevent attacks from reaching end users. Vendors sellling home networking equipment like Linksys and D-Link should figure out how to embed and price antivirus and antispam software in their boxes as well. For the most part this will only stop the vulnerabilities and attacks that we know about, but the reality is that many of these attacks take advantage of known vulnerabilities. Helping the naive consumer in a proactive way will help us take one big giant step in making the Internet a more secure place.
What needs to be done to make us more secure
Post Author
4 Responses to “What needs to be done to make us more secure”
Leave a Reply
about
Ed Sim is founder of BOLDstart Ventures and co-founder of Dawntreader Ventures. Mr. Sim has over 15 years of venture capital experience having led seed and first round investments in a number of high profile Internet and software companies.
- I hate shitty software – webroot spysweeper v5
- iPod sucks
- Remember Long Term Capital?
- Tips for the first VC Meeting
- RSS Ads
-
Branding first starts with your team
-
Camping out and closing deals
-
Cutco Knives and startups
- Startups and Intellectual Property (IP)
- What entrepreneurs can learn from Jeff Spicoli
-
Hercules Fernandes: Well Noah, look no further. :) I would love to be ...
-
Chris: One of my best friends, who is about to do an ange...
-
Jose Ramirez: I currently am showing/saleing cutco but i have fo...
-
Marcus Robbins: Right on the money! I started w Cutco in 00' as ...
-
Billy Bob: ...and on today's episode of "how to be disingenuo...
- blaze.io (sold to Akamai)
- Enterproid
- Eucalyptus Software
- Fotolog (sold to Hi-Media-French public company)
- GoInstant (sold to Salesforce.com)
- Handshake
- IndieGoGo
- Karma
- localresponse
- Plain Vanilla Games
- playhaven
- Preact.io
- Rapportive (sold to Linkedin)
- ShowMe
- ThinkNear (sold to Telenav)
- Tracks.io
- yipit
Recent Comments
- Hercules Fernandes: Well Noah, look no further.
I would love to be the one to help with that experience.... - Chris: One of my best friends, who is about to do an angel round for his start up, and I constantly say,...
- Jose Ramirez: I currently am showing/saleing cutco but i have found myself with no leads/ Recomendations.
- Marcus Robbins: Right on the money! I started w Cutco in 00′ as an 18 year old college freshman, I never...
- Billy Bob: …and on today’s episode of “how to be disingenuous.” The problem with this...
The only problem with the idea is that not everybody has a conventional Windows box to access the Internet. Some have Mac, Linux, BSD, or maybe are using some sort of internet appliance gizmo. You might be able to cover the majority platforms but you’ll leave the innovators and the minorities out.
Would processing power be an issue with this type of technology? Right now, you are able to get on the internet and browse around with a slower end machine lets say 500Mhz. If there is a complete system scan on a 500Mhz machine that would take forever. Would it be economical for a user to wait up to 10 minutes to check if it is going to rain tomorrow?
Symantec recently acquired Sygate which has offerings in the area of NAC. Endforce is another company which has developed agent based technology which can effectively and efficiently check for varying degrees of compliance of different nodes getting on to the network. This technology is more suited for accessing enteprise networks right now. There are various industry wide efforts in this direction like NAP, NAC and TCG with varying degree of support. This technology another tool to further enhance security obviously at the cost of computing and network resources. But then that is true for every software, hardware or firmware application.
why would I want to “wait” until I can get on the network if I am up to date? thats a bad deal for me…and is assuming that I am a windows PC!
Look at Forescout’s CounterAct, which is clientless NAC, transparent to me the end user, and has the undefeatable IPS engine running on the same appliance (no sigs/anamolies).